Last Updated:
Under the RBI proposal, if an individual customer loses up to Rs 50,000 in a genuine fraudulent electronic transaction, they may receive 85% of the net loss or up to Rs 25,000.
For smaller fraud losses, most of the compensation will be paid by the RBI, with smaller contributions from the customer’s bank and the beneficiary bank.
The Reserve Bank of India (RBI) has proposed stronger safeguards for bank customers facing fraud in digital banking transactions. The central bank has issued draft Third Amendment Directions, 2026, under its Responsible Business Conduct framework to revise rules governing customer liability in unauthorised electronic transactions.
The draft directions, released on March 6, 2026, aim to provide clearer protection to customers in cases of fraud involving digital payment channels such as UPI, internet banking, mobile banking, debit or credit cards and ATM transactions.
If implemented, the new rules will apply to transactions carried out on or after July 1, 2026.
The proposed framework will apply to commercial banks, but excludes small finance banks, payments banks, regional rural banks and local area banks.
Under the proposal, if an individual customer loses up to Rs 50,000 in a genuine fraudulent electronic transaction, they may receive 85 per cent of the net loss or up to Rs 25,000, whichever is lower.
What counts as electronic banking transactions
The RBI said electronic banking transactions will include payments carried out through internet banking, mobile banking, cards or other digital channels that fall under the definition of electronic funds transfer under the Payment and Settlement Systems Act, 2007.
The draft also introduces clearer definitions for authorised and unauthorised transactions.
According to the RBI, transactions carried out by customers using authentication methods such as OTP, PIN, passwords or card details will be treated as authorised transactions.
However, the central bank clarified that certain fraud-related situations will still be considered fraudulent electronic banking transactions.
These include cases where a third party uses credentials obtained through fraud, or where customers are tricked or coerced into sending money to scammers posing as legitimate recipients.
The RBI said, “Authorised electronic banking transaction includes: a transaction carried out by a customer or a previously authorised third party registered with the bank by granting approval through a standing instruction or mandate or any form of additional authentication such as a static password or dynamic password (e.g. OTP), answering challenge questions, card details (CVV / expiry date / PIN) or any other electronic authentication mode provided by the bank.”
It added that transactions executed using credentials obtained fraudulently, or where customers are coerced or tricked into transferring money to scammers, will fall under fraudulent transactions.
Bank negligence vs customer negligence
The draft directions also clarify situations where banks or customers may be held responsible.
Bank negligence may include failure to maintain secure systems, not sending transaction alerts or failing to provide channels for reporting fraud.
Customer negligence, on the other hand, may include sharing passwords or OTPs, ignoring bank warnings about fraud, or downloading malicious applications.
The RBI has also defined third-party breaches. These refer to cases where the problem lies with intermediaries such as payment gateways, telecom companies or third-party app providers rather than the bank or the customer.
The circular said a third-party breach may involve entities such as Third-Party Application Providers (TPAPs), Payment Aggregators, Payment Gateways or Telecom Service Providers.
Fraud must be reported immediately
The RBI has asked banks to advise customers to report any fraudulent digital transaction immediately.
Customers should inform their bank and also lodge a complaint through the National Cyber Crime Reporting Portal or call the cyber crime helpline 1930 at the earliest after discovering the fraud.
Compensation for small digital fraud losses
The draft directions also propose a compensation mechanism for small digital banking frauds.
Under the proposal, if an individual customer loses up to Rs 50,000 in a genuine fraudulent electronic transaction, they may receive 85 per cent of the net loss or up to Rs 25,000, whichever is lower.
However, the compensation will be available only once in a customer’s lifetime.
To qualify, the fraud must be reported to both the bank and the cyber crime portal or helpline within five days of the incident.
For smaller fraud losses, most of the compensation will be paid by the RBI, with smaller contributions from the customer’s bank and the beneficiary bank.
If the stolen money is later recovered, the compensation amount will be recalculated accordingly.
Click here to add News18 as your preferred news source on Google.
Follow News18 on Google. Join the fun, play games on News18. Stay updated with all the latest business news, including market trends, stock updates, tax, IPO, banking finance, real estate, savings and investments. To Get in-depth analysis, expert opinions, and real-time updates. Also Download the News18 App to stay updated.
March 07, 2026, 13:08 IST
Read More